In this attack malicious attacker send enough requests flooded onto the network for DHCP discover, the attacker can completely exhaust the address space allocated by the DHCP servers for an indefinite period of time.
Actual Clients of the victim network are then starved of the DHCP resource(s), thus DHCP Starvation can be classified as a Denial of Service attack.
The network attacker can then set up a Rouge DHCP Server on the network and perform man in the middle attacks, or simply set their machine as the default gateway and sniff packets.
Download tool : http://www.yersinia.net/
In BackTrack/ Kali its already installed, use below to perform dhcp starvation attack
# yersinia dhcp -attack 1
or use GUI version of it
# yersinia -G
Above commands send infinite dhcp discover request to dhcp server and eat up complete pool of addresses
And then hacker, place its own dhcp server on the n/w, and send its desire configure to the client, as when requested. to perform MITM attack
